[c-nsp] Proxy ARP -- To disable, or not to disable..

Pete Templin petelists at templin.org
Fri Mar 21 15:21:22 EDT 2008


Eric Cables wrote:
> A recent network audit has discovered that Proxy ARP is enabled on pretty
> much every L3 interface in the network.  As a Cisco default, this isn't
> surprising, since no template configs have it disabled.
> 
> The question is: whether or not I should go back and disable it, or just
> leave it be, since it doesn't appear to be causing any problems.

Pros of leaving it on: devices with incorrect subnet masks and/or 
gateways can still function.  Those with incorrect subnet masks probably 
have a portion of the Internet that's invisible, but are otherwise 
functioning.

Pros of turning it off: devices with incorrect subnet masks and/or 
gateways will be exposed.

We had other issues with our Adtran TA 600 series IADs by leaving it on, 
but I can't remember what they were.  We've made it standard practice to 
turn off proxy arp anywhere and everywhere.

pt
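
An added example, not part of the original post: one way to find where proxy ARP is still active when auditing saved IOS configs, as discussed above. It assumes running-config omits the default `ip proxy-arp`, so a routed interface without `no ip proxy-arp` (and no global `ip arp proxy disable`) is treated as enabled; the sample config and function names are constructed for illustration.

```python
import re

# Constructed sample config for illustration (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description uplink
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet0/2
 ip address 198.51.100.1 255.255.255.0
 no ip proxy-arp
!
interface GigabitEthernet0/3
 switchport mode access
!
interface Vlan10
 ip address 203.0.113.1 255.255.255.0
 shutdown
!
"""

def interface_blocks(config_text):
    """Yield (interface name, list of stripped sub-commands) per interface."""
    name, body = None, []
    for line in config_text.splitlines():
        if line.startswith("interface "):
            if name:
                yield name, body
            name, body = line.split(None, 1)[1].strip(), []
        elif name and line.startswith(" "):
            body.append(line.strip())
        elif name:  # "!" or any top-level command ends the block
            yield name, body
            name, body = None, []
    if name:
        yield name, body

def proxy_arp_enabled_interfaces(config_text):
    """Names of active L3 interfaces on which proxy ARP is still enabled."""
    # The global command turns proxy ARP off on every interface.
    if re.search(r"^ip arp proxy disable\s*$", config_text, re.M):
        return []
    hits = []
    for name, body in interface_blocks(config_text):
        routed = any(re.match(r"ip address \S+", cmd) for cmd in body)
        # Assumption: shutdown interfaces answer no ARP, so they are skipped.
        if routed and "shutdown" not in body and "no ip proxy-arp" not in body:
            hits.append(name)
    return hits

if __name__ == "__main__":
    print(proxy_arp_enabled_interfaces(SAMPLE_CONFIG))
```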


